design-intent-specialist

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly accepts and fetches Figma URLs (e.g., "User provides Figma URL" / "Fetching Figma design..." and the optional figma-dev-mode-mcp-server in WORKFLOW.md/EXAMPLES.md), meaning it ingests arbitrary third‑party user-generated design content from the public web which the agent reads and interprets as part of its workflow.